It's not every day that someone encounters a "zero-day" vulnerability (a flaw present in the software as shipped) in Windows 10, but that's exactly what happened to Kaspersky researchers as they blocked an attack on a South Korean customer at the very end of the first half of this year. The experts detected not just one, but two very serious flaws that, if exploited together, posed a huge risk for machines running the OS.
The first of these (tracked as CVE-2020-1380) was found in Internet Explorer, and although details of how it works have not yet been disclosed, it would theoretically allow attackers to perform remote code execution on the victim's computer. For such a bug to be useful, however, the attacker also needed to escalate privileges within the system.
And that's where the second zero-day (CVE-2020-0986) comes in: it uses a vulnerability in the print service to allow a privilege escalation attack. The two together make it possible to install malware and even remotely control the victim's machine. Fortunately, both flaws have been corrected in updates released on Sunday (9) and this Tuesday (11).
“When attacks occur through 'zero day' vulnerabilities, this is always important news for the cybersecurity community. The successful detection of these vulnerabilities puts pressure on manufacturers to immediately issue a patch for the software and also reinforces the need for users to update it,” explains Boris Larin, Kaspersky security expert.
“Associated with the ability to affect the latest versions of Windows 10, the attack discovered is really rare today. It reminds us once again to invest in threat intelligence and quality protection technologies to be able to proactively detect the latest unknown threats,” concludes the executive.